Comment 6 for bug 1308572

Robert Bruce Park (robru) wrote :

So both the linked branches built in silo 8, and when I tested it, this is what I found:

1. start unity

2. open terminal (Ctrl+alt+T)

3. type 'sleep 15 && killall -9 compiz'

4. lock screen

observe: screen locks, then unity crashes, then unity restarts locked. so far so good.

5. issue the same command in the terminal again

6. lock the screen again

observe: screen locks, then unity crashes... and doesn't come back.

I'm told this is not a regression (eg it's known that unity does not restart after the first crash) however this is significant because when unity does not restart, that terminal just stays open right there, and while it doesn't respond to keyboard input, it does respond to mouse input, so it's possible to issue commands as the logged-in user by copy & pasting (eg, select some text, right click -> copy, right click -> paste).

So if I'm an attacker and I'm in a position to trigger a crash in compiz, the whole "restarting locked" thing seems kind of weak, because all I have to do is crash compiz... twice. Granted the unity-free UI is quite limited, maybe there's a browser open and I can access the user's email, or whatever. it's still an attack vector.